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AMENDMENTS TO THE CLAIMS 

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

Please amend claims 1-13 16-20, 22-28, and 30-32 as follows: 

1 . (Currently Amended) A method for virtualizing access to named system objects, the method 
comprising instructing a suitably programmed computer to perform the steps of: 

(a) receiving a request to access a system object stored in a memory element 
provided by a computer, the request received from a process executing in tbe a_context of an 
isolation environment, the isolation environment comprising an application isolation layer and 
a user isolation layer, the request including a virtual name for the system object; 

(b) selecting, from a m e mory e l e m e nt provid e d by the computer, a rule associated 
with the request, the selection responsive to the application isolation layer and the user 
isolation layer forming the isolation environment in which the process executes; 

(c) forming a literal name for the system object in response to the dotorminod 
selected rule; and 

(d) issuing^ to the an operating system executing on the computer, a request to access 
the system object, the request including the literal name for the system object. 

2. (Currently Amended) The method of claim 1 wherein stop (a) comprises : rocoiving a request 
to access a system object stored in the momor>^ olomont provided by the computer, the request 
r e c e iv e d from a process executing in the context of an isolation environment, the isolation 
environm e nt comprising an application isolation laver and a user isolation laver. the svstem 
object is selected from #ie a^group consisting of a semaphore, a mutex, a mutant, a timer, an 
event, a job object, a file-mapping object, a section, a named pipe, and a mailslot, the request 
including a virtual name for the system object. 

3. (Currently Amended) The method of claim 1 wherein step (a) further comprises intercepting 
[[a]] the request to access [[a]] tiie system object from a process executing in the context of an 
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isolation environment, the isolation environment comprising an application isolation layer and a 
user isolation layer, the request including a virtual name for the system object. 

4. (Currently Amended) The method of claim 1 wherein stop (a) comprises rocoiving a request 
from a process executing in the context of an isolation onvironmont, the isolation environment 
comprising an application isolation layer and a user isolation layer, the request to access the 
system object comprises a request t o open [[a]] tiie system object, the request including a virtual 
name for the system object. 

5. (Currently Amended) The method of claim 1 wherein stop (a) comprises rocoiving a request 
from a process executing in the context of an isolation onvironmont, tho isolation onvironmont 
comprising an application isolation lay e r and a user isolation layer, the request to access the 
system object further comprises a request t o create [[a]] tiie system object, the request including 
a virtual name for the system object. 

6. (Currently Amended) The method of claim 1 wherein step (b) further comprises determining, 
responsive to the application isolation layer and the user isolation layer forming the isolation 
environment in which the process executes, that a rule action selected from the a_group 
consisting of ignore, redirect and isolate, is associated with the request. 

7. (Currently Amended) The method of claim 1 wherein step (b) ftirther comprises accessing a 
rules engine to determine, responsive to the application isolation layer and the user isolation 
layer forming the isolation environment in which the process executes, a rule action associated 
with the virtual name included in the received request. 

8. (Currently Amended) The method of claim 1 wherein step (c) fiirther comprises forming, 
responsive to the application isolation layer and the user isolation layer forming the isolation 
environment in which the process executes, a literal name for the system object stored in the 
memory element provided by the computer using the virtual name provided in the request and a 
scope-specific identifier. 
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9. (Currently Amended) The method of claim 1 wherein step (c) further comprises forming, 
responsive to the application isolation layer and the user isolation layer forming the isolation 

environment in which the process executes, a literal name for the system object stored in the 
memory element provided by the computer using the virtual name provided in the request and a 
scope-specific identifier, the scope-specific identifier associated with an application isolation 
scope with which the process making the request is associated. 

10. (Currently Amended) The method of claim 1 wherein step (c) further comprises forming, 
responsive to the appHcation isolation layer and the user isolation layer forming the isolation 

environment in which the process executes, a literal name for the system object stored in the 
memory element provided by the computer using the virtual name provided in the request and a 
scope-specific identifier, the scope-specific identifier associated with the user isolation scope in 
which the process making the request executes. 

11. (Currently Amended) The method of claim 1 wherein step (c) further comprises the step of 
forming a the literal name for the system object stored in the memory element provided by the 
computer identifying the system object as having global visibility. 

12. (Currently Amended) The method of claim 1 wherein step (c) further comprises the step of 
forming a the literal name for the system object stored in the memory element provided by the 
computer identifying the system object as having session visibility. 

13. (Currently Amended) The method of claim 1 wherein step (c) comprises forming a the literal 
name for the system object stored in the memory element provided by the computer that is 
identical to the virtual name provided in the request. 

14. (Original) The method of claim 1 further comprising the step of receiving a handle fi-om the 
operating system identifying the accessed object. 

15. (Original) The method of claim 14 fiirther comprising the step of transmitting the handle to 
the process. 
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16. (Currently Amended) The method of claim 1 further comprising the step of receiving a 
second request to access the system object from a second process executing in the context of a 
second isolation environment comprising an second application isolation layer and a second user 
isolation scope layer, the second r equest including the virtual name for the object. 

17. (Currently Amended) The method of claim 16 wherein step (c) further comprises forming, 
responsive to the second application isolation layer and the second user isolation layer forming 
[[aft]] the second i solation environment in which the second process executes, a literal name for 
the system object using the virtual name provided in the second r equest and a scope-specific 

identifier. 

18. (Currently Amended) The method of claim 17 wherein step (c) further comprises forming, 
responsive to the second application isolation layer and the second user isolation layer forming 
the second isolation environment in which the second process executes, a literal name for the 
system object stored in the memory element provided by the computer using the virtual name 
provided in the request and a scope-specific identifier, the scope-specific identifier associated 
with an application isolation scope with which the second process making the request is 
associated. 

19. (Currently Amended) The method of claim 17 wherein step (c) fiirther comprises forming, 
responsive to the second application isolation layer and the second user isolation layer forming 
the second isolation environment in which the second process executes, a literal name for the 
system object stored in the memory element provided by the computer using the virtual name 
provided in the request and a scope-specific identifier, the scope-specific identifier associated 
with the second user isolation scope in which the second process making the request executes. 

20. (Currently Amended) The method of claim 16 wherein step (c) fiirther comprises forming, 
responsive to the second application isolation layer and the second user isolation layer forming 
the second isolation environment in which the second process executes, a literal name for the 
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system object stored in the memory element provided by the computer that is identical to the 
virtual name provided in the request. 

21. (Previously Presented) The method of claim 1 further comprising the step of receiving a 
request to access the system object from a second process executing in the context of the user 
isolation layer, the request including the virtual name for the object. 

22. (Currently Amended) The method of claim 21 wherein step (c) fiirther comprises forming, 
responsive to the apphcation isolation layer and the user isolation layer forming the isolation 

environment in which the second process executes, ft the_literal name for the system object using 
the virtual name provided in the request and a scope-specific identifier. 

23. (Currently Amended) The method of claim 22 wherein step (c) further comprises forming, 
responsive to the apphcation isolation layer and the user isolation layer forming the isolation 
environment in which the second process executes, a the literal name for the system object using 
the virtual name provided in the request and a scope-specific identifier, the scope-specific 
identifier associated with an application isolation scope with which the second process making 
the request is associated. 

24. (Currently Amended) The method of claim 22 wherein step (c) fiirther comprises forming, 
responsive to the apphcation isolation layer and the user isolation layer forming the isolation 
environment in which the second process executes, a the_literal name for the system object using 
the virtual name provided in the request and a scope-specific identifier, the scope-specific 
identifier associated with the user isolation scope in which the second process making the request 
executes. 

25. (Currently Amended) The method of claim 21 wherein step (c) fiirther comprises forming, 
responsive to the application isolation layer and the user isolation layer forming the isolation 
environment in which the second process executes, a the literal name for the system object that is 
identical to the virtual name provided in the request. 
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26. (Currently Amended) An apparatus for virtualizing access to named system objects 
comprising: 

computer-readable program means for receiving a request to access a system object from 
a process executing in tfee a_context of an isolation environment, the isolation environment 
comprising an application isolation layer and a user isolation layer, the request including a 
virtual name for the system object; 

computer-readable program means for forming a literal name for the system object 
responsive to the application isolation layer and the user isolation layer forming the isolation 
environment in which the process executes; and 

computer-readable program means for requesting access to the system object using the 
literal name. 

27. (Currently Amended) The apparatus of claim 26 wherein the computer-readable program 
means for receiving a the request further comprises intercepting int e rc e pts a request to open a 
system object. 

28. (Currently Amended) The apparatus of claim 26 wherein the computer-readable program 
means for receiving the ^ -request further comprises intercepting int e rc e pts a request to create a 
system object. 

29. (Previously Presented) The apparatus of claim 26 further comprising computer-readable 
program means for storing a rule associated with the request. 

30. (Currently Amended) The apparatus of claim 29 wherein the computer-readable program 
means for storing a the r ule further comprises a database. 

3 1 . (Currently Amended) The apparatus of claim 26 wherein the computer-readable program 
means for forming a the literal name for the system object further comprises forming fe ma. 
responsive to the application isolation layer and the user isolation layer forming the isolation 
environment in which the process executes, a literal name for the system object that is identical 
to the virtual name. 
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32. (Currently Amended) The apparatus of claim 26 wherein the computer-readable program 
means for forming a the literal name for the system object fetms further comprises forming , 
responsive to the apphcation isolation layer and the user isolation layer forming the isolation 
environment in which the process executes, a literal name for the system object using the virtual 
name and a scope-specific identifier. 

33. (Original) The apparatus of claim 32 wherein the scope-specific identifier is associated with 
an application isolation scope with which the process making the request is associated. 



34. (Original) The method of claim 32 wherein the scope-specific identifier is associated with the 
user isolation scope in which the process making the request executes. 
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